2015-06-04 39 views
0

I want to implement an SSO system based on the SAML 2.0 protocol, using WSO2 IS as the identity provider. I have analysed the SSO sample at https://docs.wso2.com/display/IS500/Configuring+Single+Sign-On+with+SAML+2.0 to understand how to implement the service provider side so that it generates the SAML 2.0 authentication request. AFAIK another way to implement a SAML SP is to use OpenAM, OpenSAML or Shibboleth. But all of these approaches require programming knowledge on the service provider's side to implement it. The SAML 2.0 protocol exposed as a web service.

Hence my question: is there any web admin service in WSO2 IS that simplifies the implementation of a SAML SP? I have found SAML2SSOAuthenticationService.wsdl, but I am not sure how it works, nor whether some other admin services are needed to implement the desired solution.

Answer

0

You can create the service provider with the createApplication method of the https://localhost:9443/services/IdentityApplicationManagementService admin service.

Or you can create the service provider using configuration files.

Please follow the steps below.

1) Open the /repository/conf/security/sso-idp-config.xml file and add the configuration below to it. This registers the travelocity application as a service provider.

<ServiceProvider>
    <!-- Issuer must match the InboundAuthKey in the service-provider file -->
    <Issuer>travelocity.com</Issuer>
    <!-- URL to which the IdP posts the SAML Response -->
    <AssertionConsumerService>http://localhost:8080/travelocity.com/home.jsp</AssertionConsumerService>
    <!-- false: assertions and responses are sent without a signature -->
    <SignAssertion>false</SignAssertion>
    <SignResponse>false</SignResponse>
    <EnableAttributeProfile>true</EnableAttributeProfile>
    <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
    <EnableSingleLogout>true</EnableSingleLogout>
    <!-- Claims released to this SP -->
    <Claims>
     <Claim>http://wso2.org/claims/givenName</Claim>
    </Claims>
    <LogoutUrl></LogoutUrl>
    <!-- false: the assertion carries no Audience restriction -->
    <EnableAudienceRestriction>false</EnableAudienceRestriction>
    <ConsumingServiceIndex>2104589</ConsumingServiceIndex>
</ServiceProvider>

2) Create a file named travelocity.com.xml in the /repository/conf/identity/service-providers directory.

3) Add the following configuration to the travelocity.com.xml file you created. This adds the SAML configuration required for the Travelocity service provider.

<ServiceProvider>
    <ApplicationID>3</ApplicationID>
    <ApplicationName>travelocity.com</ApplicationName>
    <Description>travelocity Service Provider</Description>
    <IsSaaSApp>true</IsSaaSApp>
    <!-- Inbound SAML SSO; InboundAuthKey must equal the Issuer in sso-idp-config.xml -->
    <InboundAuthenticationConfig>
     <InboundAuthenticationRequestConfigs>
      <InboundAuthenticationRequestConfig>
       <InboundAuthKey>travelocity.com</InboundAuthKey>
       <InboundAuthType>samlsso</InboundAuthType>
       <Properties></Properties>
      </InboundAuthenticationRequestConfig>
     </InboundAuthenticationRequestConfigs>
    </InboundAuthenticationConfig>

    <LocalAndOutBoundAuthenticationConfig>
     <AuthenticationSteps>
      <AuthenticationStep>
       <StepOrder>1</StepOrder>
       <!-- The local username/password authenticator is commented out in this
            configuration; step 1 authenticates through the federated IdP below -->
       <!--
       <LocalAuthenticatorConfigs>
        <LocalAuthenticatorConfig>
         <Name>BasicAuthenticator</Name>
         <DisplayName>basicauth</DisplayName>
         <IsEnabled>true</IsEnabled>
        </LocalAuthenticatorConfig>
       </LocalAuthenticatorConfigs>
       -->
       <!-- identityProviderIDP_IS must be defined as an identity provider (see link [1]) -->
       <FederatedIdentityProviders>
        <IdentityProvider>
         <IdentityProviderName>identityProviderIDP_IS</IdentityProviderName>
         <IsEnabled>true</IsEnabled>
         <DefaultAuthenticatorConfig>
          <FederatedAuthenticatorConfig>
           <Name>SAMLSSOAuthenticator</Name>
           <DisplayName>samlsso</DisplayName>
           <IsEnabled>true</IsEnabled>
          </FederatedAuthenticatorConfig>
         </DefaultAuthenticatorConfig>
        </IdentityProvider>
       </FederatedIdentityProviders>
       <SubjectStep>true</SubjectStep>
       <AttributeStep>true</AttributeStep>
      </AuthenticationStep>
     </AuthenticationSteps>
    </LocalAndOutBoundAuthenticationConfig>
    <RequestPathAuthenticatorConfigs></RequestPathAuthenticatorConfigs>
    <InboundProvisioningConfig></InboundProvisioningConfig>
    <OutboundProvisioningConfig></OutboundProvisioningConfig>
    <!-- Maps the local givenname claim to the givenName claim released to the SP -->
    <ClaimConfig>
     <AlwaysSendMappedLocalSubjectId>true</AlwaysSendMappedLocalSubjectId>
     <LocalClaimDialect>true</LocalClaimDialect>
     <ClaimMappings>
      <ClaimMapping>
       <LocalClaim>
        <ClaimUri>http://wso2.org/claims/givenname</ClaimUri>
       </LocalClaim>
       <RemoteClaim>
        <ClaimUri>http://wso2.org/claims/givenName</ClaimUri>
       </RemoteClaim>
       <RequestClaim>true</RequestClaim>
      </ClaimMapping>
     </ClaimMappings>
    </ClaimConfig>
    <PermissionAndRoleConfig></PermissionAndRoleConfig>
</ServiceProvider>

Please refer to the following link for more details: [1] https://docs.wso2.com/display/IS500/Adding+a+Service+Provider+and+Identity+Provider+Using+Configuration+Files
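As an added example (not part of the original answer and not WSO2's own tooling), the script below reads the two configuration fragments from the answer and does what a reviewer of such a deployment would do by hand: it flags the settings in the sso-idp-config.xml entry that weaken the SAML exchange (unsigned assertions and responses, no audience restriction, an http:// AssertionConsumerService) and cross-checks the service-provider file against it (Issuer versus the samlsso InboundAuthKey, released claims versus the claim mappings). The sample inputs are constructed from the answer, and the finding codes and function names are my own.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the sso-idp-config.xml <ServiceProvider> entry from the answer.
SSO_IDP_ENTRY = """<ServiceProvider>
  <Issuer>travelocity.com</Issuer>
  <AssertionConsumerService>http://localhost:8080/travelocity.com/home.jsp</AssertionConsumerService>
  <SignAssertion>false</SignAssertion>
  <SignResponse>false</SignResponse>
  <EnableAttributeProfile>true</EnableAttributeProfile>
  <IncludeAttributeByDefault>true</IncludeAttributeByDefault>
  <EnableSingleLogout>true</EnableSingleLogout>
  <Claims>
    <Claim>http://wso2.org/claims/givenName</Claim>
  </Claims>
  <LogoutUrl></LogoutUrl>
  <EnableAudienceRestriction>false</EnableAudienceRestriction>
  <ConsumingServiceIndex>2104589</ConsumingServiceIndex>
</ServiceProvider>"""

# Constructed sample input: the parts of travelocity.com.xml that the checks need.
SP_FILE = """<ServiceProvider>
  <ApplicationID>3</ApplicationID>
  <ApplicationName>travelocity.com</ApplicationName>
  <InboundAuthenticationConfig>
    <InboundAuthenticationRequestConfigs>
      <InboundAuthenticationRequestConfig>
        <InboundAuthKey>travelocity.com</InboundAuthKey>
        <InboundAuthType>samlsso</InboundAuthType>
      </InboundAuthenticationRequestConfig>
    </InboundAuthenticationRequestConfigs>
  </InboundAuthenticationConfig>
  <ClaimConfig>
    <ClaimMappings>
      <ClaimMapping>
        <LocalClaim><ClaimUri>http://wso2.org/claims/givenname</ClaimUri></LocalClaim>
        <RemoteClaim><ClaimUri>http://wso2.org/claims/givenName</ClaimUri></RemoteClaim>
        <RequestClaim>true</RequestClaim>
      </ClaimMapping>
    </ClaimMappings>
  </ClaimConfig>
</ServiceProvider>"""


def _text(elem, tag):
    """Stripped text of a direct child element, or '' when the child is absent or empty."""
    child = elem.find(tag)
    return (child.text or "").strip() if child is not None else ""


def _flag(elem, tag):
    """True only when the child element reads exactly 'true' (case-insensitive)."""
    return _text(elem, tag).lower() == "true"


def lint_sso_entry(xml_text):
    """Return (code, message) findings for the weak settings in one sso-idp-config.xml entry."""
    sp = ET.fromstring(xml_text)
    findings = []
    if not _flag(sp, "SignAssertion"):
        findings.append(("UNSIGNED_ASSERTION",
                         "SignAssertion is not true: the SP cannot verify the assertion's issuer or integrity"))
    if not _flag(sp, "SignResponse"):
        findings.append(("UNSIGNED_RESPONSE",
                         "SignResponse is not true: the SAML Response envelope carries no signature"))
    if not _flag(sp, "EnableAudienceRestriction"):
        findings.append(("NO_AUDIENCE",
                         "EnableAudienceRestriction is not true: the assertion names no Audience, so another "
                         "SP trusting the same IdP has nothing to reject it on"))
    acs = _text(sp, "AssertionConsumerService")
    if not acs.lower().startswith("https://"):
        findings.append(("PLAINTEXT_ACS",
                         "AssertionConsumerService %s is not https: the SAML Response is posted in clear" % acs))
    return findings


def harden_entry(xml_text):
    """Copy of the entry with signing and audience restriction switched on, for comparison."""
    sp = ET.fromstring(xml_text)
    for tag in ("SignAssertion", "SignResponse", "EnableAudienceRestriction"):
        node = sp.find(tag)
        if node is not None:
            node.text = "true"
    return ET.tostring(sp, encoding="unicode")


def check_consistency(sso_entry_xml, sp_file_xml):
    """Cross-check the sso-idp-config.xml entry against the service-provider file."""
    sso = ET.fromstring(sso_entry_xml)
    sp = ET.fromstring(sp_file_xml)
    problems = []
    issuer = _text(sso, "Issuer")
    # IS maps an incoming AuthnRequest to the application via the samlsso InboundAuthKey,
    # so it must equal the Issuer configured in sso-idp-config.xml.
    keys = [_text(cfg, "InboundAuthKey")
            for cfg in sp.iter("InboundAuthenticationRequestConfig")
            if _text(cfg, "InboundAuthType") == "samlsso"]
    if issuer not in keys:
        problems.append(("ISSUER_MISMATCH", "Issuer %s has no samlsso InboundAuthKey %s" % (issuer, keys)))
    # Every claim released in sso-idp-config.xml should appear as a RemoteClaim mapping.
    mapped = {_text(rc, "ClaimUri") for rc in sp.iter("RemoteClaim")}
    for claim in sso.iter("Claim"):
        uri = (claim.text or "").strip()
        if uri and uri not in mapped:
            problems.append(("UNMAPPED_CLAIM", uri))
    return problems


if __name__ == "__main__":
    for code, msg in lint_sso_entry(SSO_IDP_ENTRY) + check_consistency(SSO_IDP_ENTRY, SP_FILE):
        print("%-19s %s" % (code, msg))
    print("after hardening:", [c for c, _ in lint_sso_entry(harden_entry(SSO_IDP_ENTRY))])
```

Run as-is, the script reports the four weak settings of the posted entry and no cross-file inconsistency; after harden_entry() only the http:// consumer URL remains, which can only be fixed by serving the SP over TLS.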